Proabably more "dirty" than "quick", so I am sure my config neeeds cleanup
i.e. removing unneccesary settings, correcting settings...In general I try to keep the config simple as I am still not familiar with MT at all:
CapAX shall act as an AP in bridge mode, providing 192.168.178.0/24 network to my 2.4 GHz and 5 GHz WiFi clients.
No need for firewall, or does it real make sense to have one behind the ISP router Firewall?
So any advice is appreciated.
Also...I'd like to see the hostnames in "WIFI/Registration" or "QuickSet Local/Clients" - can somehow explain how to achieve this?
DHCP is provided by my ISP router. I am sure I can create a list with IP, Hostname and MAC if it would be useful.
Txs guys
Code: Select all
# 2024-01-23 14:47:04 by RouterOS 7.13.2
# software id = XGEA-TLYF
#
# model = cAPGi-5HaxD2HaxD
# serial number = redacted
/interface bridge
add admin-mac=48:A9:8A:E4:FE:BD auto-mac=no comment=defconf name=bridge
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5560 \
.skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.country=\
Germany .mode=ap .ssid=DarkStar-5 disabled=no \
security.authentication-types=wpa2-psk,wpa3-psk .connect-priority=0 .ft=\
yes .ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2437 \
.skip-dfs-channels=disabled .width=20/40mhz configuration.country=Germany \
.mode=ap .ssid=DarkStar-2 disabled=no security.authentication-types=\
wpa2-psk,wpa3-psk .connect-priority=0 .ft=yes .ft-over-ds=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
/interface wifi access-list
add action=accept disabled=no mac-address=30:58:90:75:2C:5C
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/system clock
set time-zone-name=Europe/Berlin
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes
/system ntp client servers
add address=192.168.178.55
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
